An identification system includes at least one user medium, which is equipped to store a derived key and authenticate itself using the same with respect to a write and/or read device. Furthermore, at least one key dispensing medium is present, which comprises a monolithic first integrated circuit having storage means and processor means, wherein the first integrated circuit is equipped to store a source key and derive therefrom the derived key and to pass it on for storage in the user medium, wherein the user medium is enabled neither directly nor by way of aids to read the source key from the key dispensing medium and/or the user medium is not enabled to calculate a derived key.
|
1. An identification system comprising:
at least one user medium;
wherein the medium is equipped to store a derived key and to use the derived key to authenticate itself to a read and/or write device,
the identification system further comprising a first key dispenser medium which contains a monolithic first integrated circuit with memory means and processor means,
wherein the first integrated circuit is equipped to decrypt and store an encrypted source key,
wherein the first integrated circuit is equipped to derive the derived key from the source key and to forward said derived key for storage in the user medium,
the identification system further comprising another key dispenser medium containing another monolithic first integrated circuit with memory means and processor means,
wherein the first integrated circuit of the first key dispenser medium is equipped to encrypt the source key for forwarding to the other key dispenser medium,
and wherein said other key dispenser medium is a reduced key dispenser medium which is capable of deriving the derived key from the source key and of forwarding it for storage in the user medium, and which is not capable of providing the source key in such an encrypted form that it can be decrypted and stored by yet another key dispenser medium or reduced key dispenser medium.
18. A method for installing an identification system having at least one user medium which is equipped to use a derived key to authenticate itself to a read and/or write device, and having at least one key dispenser medium, comprising the following method steps:
(a) issuing at least a first and a second key dispenser medium to an operator of the identification system, wherein the first and second key dispenser media are equipped to store a source key and to derive keys derived therefrom,
(b) issuing a plurality of user media without keys or with identical keys to the operator, wherein the user media are capable of receiving and storing the derived key provided by the key dispenser medium,
(c) generating, by the first key dispenser medium, the source key,
(d) encrypting, by the first key dispenser medium, the source key, and forwarding the encrypted source key to the second key dispenser medium,
(e) deriving, by the second key dispenser medium, at least one derived key from the source key, and
(f) transmitting the derived key to at least one of the user media for storing therein,
wherein said second key dispenser medium is a reduced key dispenser medium which is capable of deriving the derived key from the source key and for forwarding it for storage in the user medium, and which is not capable of providing the source key in such an encrypted from that it can be decrypted by yet another key dispenser medium or reduced key dispenser medium.
2. The identification system as claimed in
3. The identification system as claimed in
4. The identification system as claimed in
5. The identification system as claimed in
6. The identification system as claimed in
7. The identification system as claimed in
8. The identification system as claimed in
9. The identification system as claimed in
10. The identification system as claimed in
11. The identification system as claimed in
12. The identification system as claimed in
13. The identification system as claimed in
14. The identification system as claimed in
15. The identification system as claimed in
16. The identification system as claimed in
17. The identification system as claimed in
19. The method as claimed in
|
1. Field of the Invention
The invention relates to the field of identification technology, as is used for security and data storage media systems, for example. It relates particularly to a system and a method for producing user media in an identification system.
2. Description of Related Art
Identification systems (often the term “authentication system” would be more correct) are used for different applications such as access control (in what are known as ‘online’ systems, in which an object for which access is being controlled is in contact with a central unit, and in ‘offline’ systems, in which this is not the case), prepaid card systems, data acquisition systems, etc.
Usually, the identification systems have user media—for example “Smart Cards”—which are provided with a data memory which stores a suitable electronic key. In application, data interchange takes place—usually without physical contact—with a read and/or write device, wherein the electronic key is used to perform an authentication process and the desired action—for example the release of an object, the purchase of an item or service, the writing of a piece of information to the user medium, etc.—is performed successfully only if the electronic key is established to be correct in the read and/or write device or possibly in the user medium, or the result of a computation operation on the basis of the key produces a desired value.
A frequently chosen approach is for the common electronic key to be stored on all user media and for the electronic key to be known to all read and/or write devices in a system. This is a good solution for small, straightforward systems. However, it makes no sense in larger systems, for if a medium or the key is lost and (possibly) reaches an unauthorized person, all elements of the system need to be reprogrammed with a new key.
An alternative approach is to provide what is known as a “Site Key” or “Master Key” which is used as a basis for calculating the electronic keys. The electronic keys for the various media differ from each other, only the ‘Master Key’ is common. The ‘Master Key’ is never used for identification, and it cannot be calculated from the keys.
This alternative approach makes it possible such that not all elements of the system to have to be reprogrammed in the event of loss of a medium, but rather only particular applications which are affected by the loss. However, some significant drawbacks remain as user media are generally initialized, and have information written to them, by a computer which must contain the master key. This is a security risk because the whole system is endangered if the master key is copied. For this reason, media in such systems are issued by central certification offices—for example provided by the vendor of the entire identification system—and these central certification offices never issue the master key. Although satisfactory security devices at the central certification offices warrant the required security to a certain extent, the procurement of new media is complicated and—as a result of the involvement of the central certification office—also expensive. Furthermore, there is always the residual risk of abuse by persons working at the certification office.
A system with a central certification office for applications in the banking sector or the like is described in U.S. Pat. Nos. 4,811,393 and 4,910,773, for example. In accordance with this teaching, ‘User Cards’ (user media) are provided which are also in the form of security modules whose memory can be accessed only by the dedicated module processor, for example. The user media are used to store a derived key (diversified key) which has been determined from a base key. This system also requires a central certification office and is furthermore also costly because all user media need to be designed in hardware as security modules with appropriate processors and data memories.
It is an object of the invention to provide approaches which remedy this situation.
The present case provides an identification system comprising at least one key dispenser medium with a first integrated circuit and at least one user medium. The first integrated circuit comprises memory means and processor means which are preferably monolithically integrated. It is equipped to store a source key (“Site Key”) and to calculate keys derived therefrom, wherein the hardware of the key dispenser medium preferably does not allow the unencrypted source key to be read. The user medium may have a second integrated circuit and is equipped to store a derived key and to perform an authentication process on the basis of this derived key together with a read and/or write device.
The monolithic integration of the first integrated circuit, which, besides the memory for the source key, also contains the processor means for calculating the derived key, is advantageous in that no data allowing calculation of the source key need to leave the integrated circuit in order to calculate the derived key.
According to a first property of preferred embodiments of the invention, the read and/or write device has a third integrated circuit, which, like the key dispenser medium, is equipped to store a source key (“Site Key”) and to calculate keys derived therefrom.
In this case, the hardware of the read and/or write device preferably does not allow the unencrypted source key to be read and, for example, also does not allow encrypted data comprising the source key to be issued, and/or, for example, also does not allow derived keys to be issued. The latter are calculated exclusively in order to perform the authentication process together with the user media, which of course also comprises this derived key. However, provision may also be made for the third integrated circuit to forward the derived key to another element of the read and/or write device, which then, for its part, performs the authentication process with the user medium.
With particular preference, the third integrated circuit is of physically identical design to the first integrated circuit and differs therefrom only in that it is configured differently.
In line with a second property of preferred embodiments of the invention, the key dispenser medium and the user medium are now of physically different design such that the user medium is able to read the source key or ascertain it in another way neither directly nor using means (for example an interposed computer) and/or that the user medium is unable to calculate a derived key.
By way of example, the first integrated circuit and the second integrated circuit may be designed with such different hardware that the first integrated circuit is able to perform operations (calculations etc.) which the second integrated circuit is not at all able to perform.
This approach has the important advantage that holders of user media cannot turn them into a key dispenser, not even by means of illegal actions. The key dispensers can be kept in a small number and inspected at any time.
In some embodiments of the invention, the identification system has at least two different communication channels which are fundamentally distinguished by the physics of the signal transmission and/or by the protocols used. Thus, by way of example, provision may be made for the key dispenser media to be able to be read exclusively in a contact-based fashion, while the communication between user media and read and/or write device is effected contactlessly, for example by means of radio frequency waves (RFID) or other electromagnetic waves, inductively or capacitively/resistively. The use of electromagnetic waves for the data interchange both with the key dispenser media and with the user media, but using different frequencies and/or different protocols, is also conceivable.
Preferably, identification systems based on these embodiments are designed such that user media have different data interchange interfaces than the key dispensers, i.e. the different communication channels mean that the user media cannot read data which are sent by key dispenser media on at least one available communication channel.
The approach in line with these embodiments enhances advantages which are obtained on the basis of the second advantageous property.
In line with a third property of preferred embodiments of the invention, the key dispenser medium is capable of decrypting and storing an encrypted source key provided by another key dispenser medium, and of encrypting the source key for forwarding to another key dispenser medium. This allows the key dispenser medium to duplicate a key dispenser (in this case a ‘Key Dispenser’ refers to a key dispenser medium with a source key stored thereon) onto a ‘Blank’ key dispenser medium.
In the approach based on the third property, the source key is issued only in encrypted form and, by way of example, only after a further security element, for example a PIN, has been input. Alternatively or in addition, the further security element required may be the forwarding of a (for example encrypted) specific code (uniqueness number of the like) for the key dispenser medium that is to have information written to it. By way of example, this specific code is requested at the start of the process by the key dispenser medium that is to have information written to it. This additional security feature has the advantage that an abusively stored data packet with the encrypted source key cannot also be used to generate further key dispensers. The security feature may be required for all first processor means and possibly also for the third processor means, for example provided that they can have information written to them online, or else only for a selection of processor means.
For the purpose of the encryption, the key dispenser media may be provided, during manufacture, with a security key which is not known to the operator of the identification system (a separate security key may be provided for each operator, or the security key may be identical for a plurality of operators or even for each operator without security problems arising therefrom). The security key is used for decrypting—and in the case of symmetrical encryption, also for encrypting—the source key and is integrated in the first integrated circuit such that it can never be issued. As an alternative, it is also possible for asymmetric encryption to be provided, wherein at least the key required for decryption is a security key which is known only to the security chip.
For example, provision may be made—such an approach is known per se—for the security key not to be known to a single individual, but rather for it to be obtained from a combination of different key elements which are known to different persons/groups of persons.
With particular preference, the source key can be generated by the key dispenser medium itself.
All in all, the opportunity arises for an operator of the identification system to initialize the user media himself and to provide them with (derived) keys without having them produced by a central unit with appropriate security devices. Nevertheless, security is not adversely effected in comparison with existing systems, which will be explained in more detail in the description which follows. The user is also able to generate and manage a plurality of key dispenser media, which is advantageous when one of the media fails or is lost.
In line with one preferred refinement of embodiments with the third property, there may be two different types of key dispenser media. A first type of key dispenser media is capable of producing further key dispensers by means of duplication. Although a second type of key dispenser media—also called “reduced key dispenser medium” in this text—is able to derive derived keys from the source key—and possibly to initialize read and/or write devices as described below—it is unable to produce any other key dispensers.
In line with a first variant, this is accomplished by providing data produced by the first/second type of key dispenser medium with different designations. The integrated circuits of both types of key dispenser media disallow the storage of a source key if the data contained (in encrypted form) in the source key come from a reduced key dispenser medium. This can be prompted by appropriate configuration of the first integrated circuit.
In line with a second variant, the second type of key dispenser media is totally incapable of issuing the source key (in encrypted form).
The distinction between the first and second key dispensers allows finer gradation of authorizations by the operator.
The use of reduced key dispensers in line with the first variant is furthermore appropriate particularly when the encrypted source key is sent via a data line or a network, as described below. In that case, a person intercepting the data line without authorization is unable to generate a key dispenser from the encrypted source key even if a key dispenser medium blank is present.
In embodiments of the invention with a fourth advantageous property, an identification system can be set up such that the operator of the system is able to generate keys for daily use on user media himself. There are, thus, two mutually independent instances which contribute to producing the keys in use:
In comparison with the prior art, this is more secure, since even a group of persons working for the manufacturer can never obtain all security features, since the keys themselves are produced by the operator. Furthermore, the approach is also less complex and sometimes less costly for the operator, since he is able to set up the entire system himself and also reconfigure it again if adjustments are necessary.
In embodiments with the fourth property, the operator is issued a set of parts, for example, which comprises at least one key dispenser medium—which preferably has the ability to generate the source key itself and is delivered as a key dispenser medium blank—and a plurality of user media, likewise without a key (or with a temporary key which is set up at the factory). The set preferably also includes an instruction which explains how the operator himself can generate source keys, derive derived keys therefrom and possibly duplicate key dispensers.
While each of the above advantageous properties can be implemented on its own on an identification system according to the invention, combinations of the above advantageous properties, which synergistically contribute together to increased security, to compatibility with existing identification technologies and to ease of handling by the operator, are particularly preferred, as can be seen more specifically from the explanations which follow and from the description of the exemplary embodiments. Arbitrary combinations of two, three or all four of the advantageous properties are part of the teaching according to the invention; quite particular preference is given to a combination of all four properties.
The statements which follow can—unless indicated otherwise—be applied to all properties and combinations of properties.
The key dispensers contain the source key and are set up to calculate a derived key from the source key and further parameters (for example a uniqueness number and/or an application index) and to issue said derived key. The key dispensers are provided as ‘Masters’ only to a restricted circle of users, for example only to a system responsibility holder. Furthermore, the key dispensers—or the first integrated circuits thereon—may be set up such that they make the issue of the encrypted source key and/or the issue of a derived key dependent on the input of an identification code (for example PIN). If an improper code is input multiple times, there may be provision for an automatic “reset”, for example including the source key being deleted or rendered inaccessible. The first integrated circuits are monolithic in the sense that memory means and processor means are integrated in a common chip, and there are no data lines between the memory and the processor which are accessible without destroying the chip.
The first—and possibly also the third integrated circuit—may be in the form of a security chip, for example, which has both the memory means and the processor means. Security chips which output (certain) data only in encrypted form and which also render ‘Reverse Engineering’ at least more difficult are already known in principle. The first and possibly the third integrated circuits additionally have means, for example, on the basis of the source key and use further data (for example a uniqueness number and/or an application index) to calculate a derived key. Furthermore, the first integrated circuit can issue this derived key—possibly in encrypted form.
The key dispenser media may physically be in the form of chip cards, dongles, chip sets which are or can be integrated into a data processing appliance (slot etc.), etc. The physical form is not significant to the invention, and the monolithic integration of the memory containing the source key with the processor means which encrypt the latter and calculate the derived keys in a single chip is preferred in all cases.
The second media are user media. They contain a derived key calculated by a key dispenser. They are furthermore equipped to interchange data with a read and/or write device on a—preferably contactless—route and to perform an authentication process. By way of example, the data interchange between user media and a read and/or write device can be effected using radio frequency (RF) signals. In this case, an inherently known technology can be used, at the time of writing the present text for example Mifare® (a system based on ISO 14443A which is offered in different variants, including “Mifare Classic” and “Mifare DESfire”), or else FeliCa (ISO 18092), another system based on ISO 14443A, a system based on ISO 14443B, etc. In principle, it is possible to use any technology which allows the authentication of user media and of a read and/or write device using contactless or else contact-based data transmission. As is also explained in more detail below, an advantage of the identification system according to the invention is that a good security standard is provided which is independent of the built-in securities of the data transmission technology. The method steps which take place during the authentication are usually defined by the technology used (for example “Mifare Classic”). They may be based on the challenge-response method or on other approaches and are in some cases proprietary and not known; the invention works regardless of whether the authentication is performed using known or secret algorithms. The approach according to the invention merely provides the—derived—key; the way in which this is used for the authentication is of no significance to the invention.
The physical form of the user media may be any form which is known from the prior art, for example as a chip card (with an RFID chip—in this form also called an RFID ‘Tag’—or other chip), as an RFID tag integrated in another medium (clock, mobile telephone, etc.), as a chip incorporated into a key, etc. New, alternative forms are also conceivable.
For the authentication, the read and/or write devices are the counterpart of the user media. The third integrated circuit is possibly able to calculate the possibly specific application key of the user medium, for example initially from parameters provided by the user medium (for example the uniqueness number and/or the application index). To this end, the third integrated circuit is then set up, for example like the first integrated circuit, to perform a calculation from the source key and these parameters using the same algorithm—for example a hash algorithm—as the first integrated circuit. The third integrated circuit is also preferably monolithic in the sense that memory means and processing means are integrated in a common chip, and there are no data lines between memory and processor which are accessible without destroying the chip. The third integrated circuit may have the physical design of the first integrated circuit, but the configuration is preferably chosen such that issue of the source key even in encrypted form is not possible, or that a key issued by a third integrated circuit is not adopted by a first or third integrated circuit.
The read and/or write devices may outwardly be designed like known read and/or write devices (for example from Mifare applications), wherein, in contrast to the known read and/or write devices, said third integrated circuit is present, which calculates the key required for the authentication.
The approach in accordance with the various embodiments of the invention has the following advantages: the ‘Secret’ of the identification system is the source key. The hardware of all elements in the system is set up such that the source key is not issued by any component of the system in unencrypted form. The source key may have been stored only by a first or possibly a third integrated circuit, and only a first or third integrated circuit is able to store the source key (system-external media are totally unable to decrypt the key, even if it is available to them in encrypted form). The first and third integrated circuits may be in the form of chips, for example security chips, produced/configured specifically for the application. This, in turn, allows the third integrated circuits to be configured such that they do not issue the source key or a derived key under any circumstances, not even in encrypted form. It is thus possible to use the design of the first and possibly third integrated circuit to ensure that only the key dispenser media can act as key dispensers, and only the key dispenser media can generate further key dispenser media by forwarding the encrypted source key.
As a result, the forwarding of the source key and the production of derived keys can be controlled perfectly. Only someone who is physically in possession of a key dispenser medium is able to generate applications keys and possibly create further key dispenser media—regardless of the design of the second media, and what means (computer with Smart Card Reader (RFID write module, etc.) are used to write information thereto.
The key dispenser medium is not needed in the everyday operation of the identification system, however, and can be stored securely and in seclusion, for example in a safe (physical security).
Provided that the source key can be generated by the operator, it does not need to be known to the manufacturer (system provider). The security key is known at most to the manufacturer, and by way of example to nobody. The security chips used can be produced only by the manufacturer. All in all, a very secure system is obtained which provides good protection against abuse.
Properties and exemplary embodiments of the invention are discussed below with reference to schematic figures, in which:
As
Besides a (preferably writeable, non-volatile) memory 15 with a uniqueness number, application number and/or other, for example application-dependent, data, the user medium 12 also has a memory location for a derived key. The user medium may be designed and configured in the manner of inherently known user media from identification systems, for example, and the relevant data processing means, for example for encrypting data with the derived key, may also be implanted.
In a similar manner to the key dispenser medium, the electronics module of the read and/or write device 3 has a security key 12 and memory locations for the source key 11 and also data processing means 14 for calculating a derived key 13 on the basis of the source key 11 and further parameters 15 such as the uniqueness number and/or an application number, etc. Before the identification system is initialized, the user is provided with at least one key dispenser medium 1 (preferably a plurality of key dispenser media) and a plurality of second media 2, and read and/or write devices are provided with third integrated circuits. The key dispenser media and the third integrated circuits are already provided with the security key; the security key is not disclosed to the user. All media and all read and/or write devices are in a basic state, in which they have no source or derived keys, for example, apart from possible temporary keys which are prescribed during manufacture and which cannot ensure the entire security.
The initialization of the identification system may involve the following method steps taking place:
First of all, upon initialization by the user, the source key 11 can be ascertained in a key dispenser medium, for example as a random number, for example having at least 64 bits, preferably at least 128 bits, particularly preferably at least 256 bits. This turns the medium into a key dispenser (master).
The key dispenser (the initialized key dispenser medium) can then optionally be duplicated by writing to a further key dispenser medium. It is advantageous if the user has at least one duplicate of the key dispenser so that it can continue to operate and service the identification system in the event of a key dispenser being lost or faulty.
In the case of the duplication process too, the source key never leaves the key dispenser medium in unencrypted form, but rather in a form encrypted with the security key 12. The target medium 1′ onto which the key dispenser is duplicated likewise has the security key 12 and can decrypt the security key 12 and store it in the provided memory.
The key dispenser 1 can also be used to initialize the read and/or write device 3 with the third integrated circuit. For this purpose, as
The issue of the source keys by the master may be linked to a further security element, for example the input of a PIN. For this purpose, the key dispenser medium and also the read and/or write device may have means for reading in such a PIN (or the like) which have been input by the user using a suitable input means—for example a computer, via which the key dispenser medium is connected by means of card reader or interface, or a programming appliance which can contact a read and/or write device contactlessly—or have been read in by suitable means; this also includes the possibility of requesting biometric data.
A user medium 2 is initialized by calculating the derived key 13 using the parameters 15—which have been provided by the user medium 2 beforehand, for example—in the key dispenser medium 1. Subsequent to the calculation, the derived key 13 is stored in the memory location provided for this purpose in the user medium.
In use, as
As soon as the user medium 2 and the third integrated circuit of the read and/or write device 3 are in possession of the (identical) derived key 13, the authentication process can take place, and read and/or write processes can take place on the memory means of the user medium 1 and/or on the memory means of the read and/or write device. The data interchange taking place during the authentication process—said data interchange may be based on the challenge-response principle or on another principle—can be performed in a manner which is known per se from the prior art. By way of example, it is possible for a known, proprietary or standardized protocol to be used. One of the strengths of the invention is that the security features and practical advantages of the approach according to the invention are independent of the protocols used for the authentication and for the data interchange and that it is therefore possible to use any suitable protocols. Sometimes, the persons with the user medium 2 do not need to be aware at all that the identification system differs from the art (for example “Mifare Classic”) by virtue of additional security features.
The key dispenser medium 1 shown in
The chip card 31 shown in
The chip card shown in
An identification system in accordance with the invention may have only key dispenser media 1 which are in the same form, or any combinations are conceivable. However, it is preferred for the security chip to be of respectively identical design and functionality even in the case of different media, that is to say for the different media to differ only in terms of how the data interchange with the chip takes place.
The read and/or write device 3 from
For all the media described, it is true that other communication channels can be used instead of or in addition to RFID technology, for example infrared, Bluetooth or other contactless interfaces, contact-based signal transmission, the capacitive-resistive coupling, etc.
The first key dispenser or one of the further produced key dispensers or reduced key dispensers subsequently generates derived keys for the user media 2. For this purpose, either the uniqueness number and/or application number is read from the user media already provided therewith—this is done using an RFID read and write unit 74, which is likewise connected to the computer—or the application number and/or possibly also the uniqueness number is generated by the computer and is loaded onto the user media only during the initialization process. It is also possible for a plurality of application numbers with a respective derived key to be stored on a medium so that the user medium can perform a plurality of functions.
The derived key is read from the key dispenser by the computer and—possibly together with the application number and/or possibly the uniqueness number—loaded onto the integrated circuit (for example RFID chip) of the relevant user medium.
At the same time, beforehand or afterwards, the read and/or write devices are initialized. As examples of read and/or write devices,
For the initialization, the source keys are transmitted (in encrypted form) to the read and/or write devices via data lines (for 76-78) or (for 79 and 84) via an auxiliary medium 61, an RFID-compatible key dispenser, using an RFID-compatible chip card reader or via a suitable other interface of the read and/or write device. At the same time or subsequently, they are programmed by allocating appropriate authorizations (on the basis of application number and/or uniqueness number, on the basis of time, etc.), for example. The programming can be done online using the relevant data lines (for 76-78) or (for 79 and possibly 84) using a programming appliance 80. The read and/or write devices can also be reprogrammed at a later time at any time, a possible prerequisite for the reprogramming being the presence of a key dispenser and/or the input of security features (programming PIN etc.); in the former case, the read and/or write device requests the source key before it changes to a programming mode, for example. Instead of or at the same time as reprogramming, it is naturally also possible for data stored in the read and/or write device to be requested.
The PC 83 with chip card reader 84 is an example of the use of the invention for controlling access to a virtual entry point for a computer or computer network. In this case, the security chip may be in the chip card reader or in the computer (network) and authorize the access to the computer (network) as a whole or for particular applications; it goes without saying that it is also possible for the control center to be programmed via data lines, as in the case of the ‘online’ applications described above.
Following the initialization, the key dispensers—which are preferably all registered—are stored at a secure location, for example in a safe which is accessible only to a restricted group of people. If a key dispenser goes astray or there is another security gap, the read and/or write devices and the available (or recently delivered) key dispenser media are put into the basic state and reinitialized without the need for components to be interchanged. A prerequisite for the resetting of the read and/or write devices to the basic state is preferably the presence of at least one working key dispenser, i.e. so long as there is still one working key dispenser, reinitialization is possible at any time.
In addition to the read and/or write devices shown in
In line with one possible variant for the approach described above, the source key can, upon issue, also be encrypted asymmetrically instead of symmetrically with the security key. In that case, at least the decrypting key should be proprietary and known only to the first and third integrated circuits. Preferably, however, the encrypting key is also proprietary and known only to the relevant circuits so that an ‘incorrect’ key dispenser would be recognized if reprogramming of the read and/or write devices were attempted.
As a further variant, the process of duplicating a master can also take place via a data line at the same time.
Kuster, Christian, Segmüller, Mike
Patent | Priority | Assignee | Title |
Patent | Priority | Assignee | Title |
4811393, | Jul 17 1986 | CP8 Technologies | Method and system for diversification of a basic key and for authentication of a thus-diversified key |
4910773, | Apr 03 1987 | BULL S A | Method of dispatching secret keys to security modules and user cards in a data processing network |
5555309, | Jun 22 1992 | NCR Corporation | Cryptographic key management apparatus and methods |
5633930, | Sep 30 1994 | TOUCH TECHNOLOGY, INC | Common cryptographic key verification in a transaction network |
6014748, | Apr 15 1996 | Card Technology Corporation | System and apparatus for smart card personalization |
6157722, | Mar 23 1998 | INTERLOK KEY MANAGEMENT, LLC | Encryption key management system and method |
6736313, | May 09 2000 | Gilbarco Inc | Card reader module with pin decryption |
6738900, | Jan 28 2000 | AVAYA MANAGEMENT L P | Method and apparatus for distributing public key certificates |
6859535, | Oct 16 1998 | Panasonic Corporation | Digital content protection system |
7836300, | Nov 11 2002 | STMICROELECTRONICS RESEARCH & DEVELOPMENT LIMITED | Security integrated circuit |
20020044657, | |||
20030111528, | |||
20030145203, | |||
20040103276, | |||
20040193898, | |||
20050069139, | |||
20050172137, | |||
20060010324, | |||
20060090082, | |||
20070094505, | |||
20070251997, | |||
20080052770, | |||
20080163361, | |||
FR2875656, | |||
WO9919846, |
Executed on | Assignor | Assignee | Conveyance | Frame | Reel | Doc |
Mar 31 2009 | KABA AG | (assignment on the face of the patent) | / | |||
Oct 13 2010 | SEGMULLER, MIKE | KABA AG | ASSIGNMENT OF ASSIGNORS INTEREST SEE DOCUMENT FOR DETAILS | 025416 | /0950 | |
Oct 29 2010 | KUSTER, CHRISTIAN | KABA AG | ASSIGNMENT OF ASSIGNORS INTEREST SEE DOCUMENT FOR DETAILS | 025416 | /0950 | |
Mar 31 2017 | KABA AG | DORMAKABA SCHWEIZ AG | MERGER AND CHANGE OF NAME SEE DOCUMENT FOR DETAILS | 044236 | /0636 | |
Mar 31 2017 | DORMAKABA SCHWEIZ AG | DORMAKABA SCHWEIZ AG | MERGER AND CHANGE OF NAME SEE DOCUMENT FOR DETAILS | 044236 | /0636 |
Date | Maintenance Fee Events |
Jun 20 2017 | ASPN: Payor Number Assigned. |
Sep 19 2017 | M1551: Payment of Maintenance Fee, 4th Year, Large Entity. |
Sep 15 2021 | M1552: Payment of Maintenance Fee, 8th Year, Large Entity. |
Date | Maintenance Schedule |
Mar 25 2017 | 4 years fee payment window open |
Sep 25 2017 | 6 months grace period start (w surcharge) |
Mar 25 2018 | patent expiry (for year 4) |
Mar 25 2020 | 2 years to revive unintentionally abandoned end. (for year 4) |
Mar 25 2021 | 8 years fee payment window open |
Sep 25 2021 | 6 months grace period start (w surcharge) |
Mar 25 2022 | patent expiry (for year 8) |
Mar 25 2024 | 2 years to revive unintentionally abandoned end. (for year 8) |
Mar 25 2025 | 12 years fee payment window open |
Sep 25 2025 | 6 months grace period start (w surcharge) |
Mar 25 2026 | patent expiry (for year 12) |
Mar 25 2028 | 2 years to revive unintentionally abandoned end. (for year 12) |